Presentation: Automated Attack Tree Generation

When: Sept. 29, 2015, 12:30-13:30

Where: Carré 2K

Who: David Huistra

Attack Trees that model the possible attacks are used for qualitative and quantitative security analysis of systems and organizations. For larger systems/organizations, manually developing attack trees can become a labor intensive and error prone task.

 

This project looks into automatically generating attack trees given a model of the system/organization. The project looks into several steps including basic attack routes generation, attack tree refinement with domain specific attacks and refinement of basic attack steps with attributes, such as a probability of success.